SPAN to CPU On Nexus 9000 [Step by Step Configuration Example]

Introduction: What is SPAN to CPU

A SPAN-to-CPU packet capture allows network administrators to quickly and easily validate whether specific packets ingress and egress a Cisco Nexus 9000 Cloud Scale series switch.

Note: To protect the CPU from traffic replicated by the SPAN-to-CPU feature, Cisco Nexus 9000 series switches rate-limit the traffic replicated to the control plane through a SPAN-to-CPU monitor session to 50 kbps.

The hardware rate limiter of 50 kbps can be changed. For example, to change it to 100 kbps:

N9K(config)# hardware rate-limiter span 100 
N9K(config)# end 
N9K# show hardware rate-limiter span 


Step-1: Configure SPAN-to-CPU Monitor Session

The following configuration replicates traffic from the source interface Ethernet 1/3 in both directions and sends it to the CPU interface sup-eth0:

N9K(config)# monitor session 1 
N9K(config-monitor)# source interface Ethernet1/3 both
N9K(config-monitor)# destination interface sup-eth0 
N9K(config-monitor)# no shut

! verify session is up:
N9K# show monitor 
Session   State         Reason                   Description
-------   -----------   ------------
1         up            The session is up


Note: Verify that a monitor session is available on the switch. Cloud Scale ASICs that run NX-OS software support a maximum of four active SPAN or ERSPAN sessions per ASIC.


Step-2: Capture the replicated Packets received on the CPU Interface (Control plane)

To capture packets on the control plane, we will use Ethanalyzer. You can set filters exactly as in Tshark:

N9K# ethanalyzer local interface inband mirror display-filter "ip.addr==10.10.0.112" limit-captured-frames 0

Add detail at the end to see the whole datagram of the packet:

N9K# ethanalyzer local interface inband mirror display-filter "ip.addr==10.10.0.112" limit-captured-frames 0 detail


Step-3: Save the Capture and use Wireshark to read (Optional)

You can save the capture as a pcap file and open it later with sniffer software. Just add write followed by the destination, which can be bootflash or usb, for example:

N9K# ethanalyzer local interface inband mirror display-filter "ip.addr==10.10.0.112" limit-captured-frames 0 write bootflash:test.pcap  
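
An added example, not part of the original article: once a capture such as test.pcap has been copied off the switch, this Python script computes the captured rate per second and flags seconds that came close to the SPAN-to-CPU rate limiter (50 kbps by default, 100 kbps after the change shown earlier), where replicated packets may be missing from the capture. Assumptions: the file is in classic pcap format, the rate is counted from on-wire frame lengths, the 90% margin is an arbitrary threshold, and the function names and sample traffic are constructed for illustration.

```python
import struct
from collections import defaultdict

def per_second_kbps(pcap_bytes):
    """Return {epoch_second: kbps} from a classic pcap, using on-wire lengths."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    bits = defaultdict(int)
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        ts_sec, _usec, incl_len, orig_len = struct.unpack_from(
            endian + "IIII", pcap_bytes, offset)
        bits[ts_sec] += orig_len * 8
        offset += 16 + incl_len  # record header plus captured bytes
    return {sec: b / 1000 for sec, b in sorted(bits.items())}

def near_limit(rates, limit_kbps=50, margin=0.9):
    """Seconds whose rate reached margin * limit (margin is an assumed threshold)."""
    return [sec for sec, kbps in rates.items() if kbps >= margin * limit_kbps]

def build_sample_pcap():
    """Constructed sample: (second, frame_count, frame_len) bursts, not real traffic."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, count, length in [(100, 10, 100), (101, 6, 1000), (102, 2, 64)]:
        for i in range(count):
            out += struct.pack("<IIII", sec, i * 1000, length, length) + bytes(length)
    return out

if __name__ == "__main__":
    rates = per_second_kbps(build_sample_pcap())
    for sec, kbps in rates.items():
        print(f"t={sec}s  {kbps:7.3f} kbps")
    print("near 50 kbps limiter:", near_limit(rates))
    print("near 100 kbps limiter:", near_limit(rates, limit_kbps=100))
```

If the file holds only the packets that matched the display filter, the computed rate is a lower bound on what the limiter handled, so compare the result with the output of show hardware rate-limiter span.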



Reference: https://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/215329-nexus-9000-cloud-scale-asic-nx-os-span-t.html

Bilel
